VMware Cloud Community
Gael
Contributor
Contributor
‎06-02-2012 05:50 AM

[VCB] Role permissions for backup and restore VM

Hi,

I'm using VCB to backup restore VMs.

I need to delegate autorisation to another users to manage backup and restore. But i wouldn't like to give them admin right, just permissions to backup, and restore on existing VM or not.

I know permissions related to backup (http://www.vmware.com/pdf/vsphere4/r40/vsp_vcb_15_u1_admin_guide.pdf) but any information about requirement about restore.

I've found on another post (http://communities.vmware.com/message/1439438) where dan_white has post an excel with lot of permissions but it doesn't work ...

Permissions set to vcbuser role (base on Excel):

- Datastore.Allocate space

- Datastore.Browse Datastore

- Datastore.Low level file operations

- Datastore.remove file

- Folder.Create folder

- Folder.Move folder

- Folder.Rename folder

- Global.Cancel task

- Network.Assign network

- Resource.Assign virtual machine to resource pool

- Resource.Migrate

- Resource.Relocate

- Task.*

- Virtual Machine.Configuration.Add New Disk

- Virtual Machine.Configuration.Advanced

- Virtual Machine.Configuration.Change CPU count

- Virtual Machine.Configuration.change resource

- Virtual Machine.Configuration.disk lease

- Virtual Machine.Configuration.extend virtual disk

- Virtual Machine.Configuration.host USB device

- Virtual Machine.Configuration.memory

- Virtual Machine.Configuration.rename

- Virtual Machine.Configuration.settings

- Virtual Machine.Inventory.create from existing

- Virtual Machine.Inventory.create new

- Virtual Machine.Inventory.move

- Virtual Machine.Inventory.register

- Virtual Machine.Inventory.remove

- Virtual Machine.Provisionning.Allow disk access

- Virtual Machine.Provisionning.allow read-only disk access

- Virtual Machine.Provisionning.allow virtual machine download

- Virtual Machine.Provisionning.allow virtual machine files upload

- Virtual Machine.Provisionning.customize

- Virtual Machine.State.create snapshot

- Virtual Machine.State.Remove snapshot

Last log lines are :

[2012-06-02 14:46:54.901 F2DD16D0 trivia 'vmomi.soapStub[0]'] Received soap response from [TCP:ssc2pin3vctrw1:443]: GetConfig
[2012-06-02 14:46:54.903 F2DD16D0 verbose 'vcbRestore'] Found a device: vim.vm.device.VirtualIDEController
[2012-06-02 14:46:54.903 F2DD16D0 verbose 'vcbRestore'] Found a device: vim.vm.device.VirtualIDEController
[2012-06-02 14:46:54.903 F2DD16D0 verbose 'vcbRestore'] Found a device: vim.vm.device.VirtualPS2Controller
[2012-06-02 14:46:54.903 F2DD16D0 verbose 'vcbRestore'] Found a device: vim.vm.device.VirtualPCIController
[2012-06-02 14:46:54.903 F2DD16D0 verbose 'vcbRestore'] Found a device: vim.vm.device.VirtualSIOController
[2012-06-02 14:46:54.903 F2DD16D0 verbose 'vcbRestore'] Found a device: vim.vm.device.VirtualKeyboard
[2012-06-02 14:46:54.903 F2DD16D0 verbose 'vcbRestore'] Found a device: vim.vm.device.VirtualPointingDevice
[2012-06-02 14:46:54.904 F2DD16D0 verbose 'vcbRestore'] Found a device: vim.vm.device.VirtualVideoCard
[2012-06-02 14:46:54.904 F2DD16D0 verbose 'vcbRestore'] Found a device: vim.vm.device.VirtualLsiLogicController
[2012-06-02 14:46:54.904 F2DD16D0 verbose 'vcbRestore'] Found a device: vim.vm.device.VirtualDisk
[2012-06-02 14:46:54.904 F2DD16D0 verbose 'vcbRestore'] Found a device: vim.vm.device.VirtualDisk
[2012-06-02 14:46:54.904 F2DD16D0 verbose 'vcbRestore'] Found a device: vim.vm.device.VirtualCdrom
[2012-06-02 14:46:54.904 F2DD16D0 verbose 'vcbRestore'] Found a device: vim.vm.device.VirtualPCNet32
[2012-06-02 14:46:54.904 F2DD16D0 verbose 'vcbRestore'] Found a device: vim.vm.device.VirtualFloppy
[2012-06-02 14:46:54.904 F2DD16D0 trivia 'vmomi.soapStub[0]'] Sending soap request to [TCP:ssc2pin3vctrw1:443]: reconfigure {}
[2012-06-02 14:46:54.904 F2DD16D0 trivia 'vmomi.soapStub[0]'] Request started [N7Vmacore4Http13UserAgentImpl22AsyncSendRequestHelperE:0x59e2d440]
[2012-06-02 14:46:54.907 F2D6DB90 trivia 'vmomi.soapStub[0]'] Request completed [N7Vmacore4Http13UserAgentImpl22AsyncSendRequestHelperE:0x59e2d440]
[2012-06-02 14:46:54.907 F2DD16D0 error 'vcbRestore'] Error: No permission to perform this action.
[2012-06-02 14:46:54.907 F2DD16D0 trivia 'vmomi.soapStub[0]'] Sending soap request to [TCP:ssc2pin3vctrw1:443]: unregister {}
[2012-06-02 14:46:54.907 F2DD16D0 trivia 'vmomi.soapStub[0]'] Request started [N7Vmacore4Http13UserAgentImpl22AsyncSendRequestHelperE:0x59e2d440]
[2012-06-02 14:46:54.909 F2909B90 trivia 'vmomi.soapStub[0]'] Request completed [N7Vmacore4Http13UserAgentImpl22AsyncSendRequestHelperE:0x59e2d440]
terminate called after throwing an instance of 'Vim::Fault::NoPermission::Exception'
  what():  vim.fault.NoPermission
/usr/sbin/vcbRestore: line 94: 28354 Aborted                 (core dumped) LD_LIBRARY_PATH=:/usr/lib/vmware/vmacore:/usr/lib/vmware/vcb VCB_PASSWORD="$PASSWORD" /usr/lib/vmware/vcb/vcbRestore -h "$VCHOST" -u "$USERNAME" -s "$legacy_dir" -L "6" --

Thanks for your help Smiley Happy

0 Kudos
2 Replies
marcelo_soares
Champion
Champion
‎06-02-2012 06:39 AM

Teste providing all permissions from "Virtual Machine power user" plus:

- Datastore.Allocate space

- Datastore.Browse Datastore

- Datastore.Low level file operations

- Datastore.remove file

- Folder.Create folder

- Folder.Move folder

- Folder.Rename folder

- Global.Cancel task

- Network.Assign network

- Resource.Assign virtual machine to resource pool

- Resource.Migrate

- Resource.Relocate

- Task.*

Marcelo Soares
Gael
Contributor
Contributor
‎06-12-2012 08:09 AM

Final solution was to set permission as :

CategoryItem
DatastoreAllocate space
DatastoreBrowse datastore
DatastoreLow level file operations
DatastoreRemove file
FolderCreate folder
FolderRename folder
FolderMove folder
GlobalCancel task
NetworkAssign network
ResourceAssign virtual machine to resource pool
ResourceAssign VApp to resource pool
ResourceMigrate
ResourceRelocate
Scheduled taskCreate tasks
Scheduled taskModify task
Scheduled taskRemove task
Scheduled taskRun task
TaskCreate task
TaskUpdate task
VirtualMachine.ConfigAdd existing disk
VirtualMachine.ConfigAdd new disk
VirtualMachine.ConfigAdd or remove device
VirtualMachine.ConfigAdvanced
VirtualMachine.ConfigChange CPU count
VirtualMachine.ConfigChange resource
VirtualMachine.ConfigDisk lease
VirtualMachine.ConfigMemory
VirtualMachine.ConfigModify device settins
VirtualMachine.ConfigRemove disk
VirtualMachine.ConfigRename folder
VirtualMachine.ConfigReset guest information
VirtualMachine.ConfigSettings
VirtualMachine.ConfigUpgrade virtual hardware
VirtualMachine.InteractPower On
VirtualMachine.InteractDevice connection
VirtualMachine.InteractAcquire guest control ticket
VirtualMachine.InteractAnswer question
VirtualMachine.InteractConfigure CD media
VirtualMachine.InteractConfigure floppy media
VirtualMachine.InteractConsole interaction
VirtualMachine.InteractDevice connection
VirtualMachine.InteractPower Off
VirtualMachine.InteractPower On
VirtualMachine.InteractReset
VirtualMachine.InteractSuspend
VirtualMachine.InteractVmware Tools install
VirtualMachine.InventoryCreate from existing
VirtualMachine.InventoryCreate new
VirtualMachine.Inventoryregister
VirtualMachine.InventoryMove
VirtualMachine.ProvisioningAllow disk access
VirtualMachine.ProvisioningAllow read-only disk access
VirtualMachine.ProvisioningAllow virtual machine download
VirtualMachine.ProvisioningAllow virtual machine files upload
VirtualMachine.ProvisioningCustomize
VirtualMachine.StateCreate snapshot
VirtualMachine.StateRemove Snapshot

Thanks, for your help Smiley Happy

0 Kudos